Created
January 10, 2024 16:26
-
-
Save abhimskywalker/f78a353a18c8246f9c0b20c110903a45 to your computer and use it in GitHub Desktop.
Python equivalent of `import { Config } from "sst/node/config";` in `sst`
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import boto3 | |
import os | |
SST_APP = os.getenv("SST_APP") | |
SST_STAGE = os.getenv("SST_STAGE") | |
ssm = boto3.client("ssm") | |
def get_secret(name): | |
parameter = ssm.get_parameter( | |
Name=f"/sst/{SST_APP}/{SST_STAGE}/Secret/{name}/value", WithDecryption=True | |
) | |
return parameter["Parameter"]["Value"] | |
def main(): | |
DATABASE_URL = get_secret("DATABASE_URL") | |
# do stuff |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const DATABASE_URL = new Config.Secret(stack, "DATABASE_URL"); | |
const mySecretAccessingFunc new Function(stack, "MySecretAccessingFunc", { | |
runtime: "container", // could be "python3.11" | |
bind: [DATABASE_URL], // This does set lambda env var "SST_Secret_value_DATABASE_URL": "__FETCH_FROM_SSM__", but dunno how to use it in python 🤷♂️🥲 | |
handler: "src/lambda", | |
container: { | |
cmd: ["handler.main"] | |
}, | |
initialPolicy: [ | |
// For lambda to be able to access secrets. | |
new iam.PolicyStatement({ | |
effect: iam.Effect.ALLOW, | |
resources: [ | |
`arn:aws:ssm:*:*:parameter/sst/${app.name}/${stack.stage}/Secret/*`, | |
], | |
actions: ["ssm:GetParameter"], | |
}), | |
], | |
}); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment